NEW DELHI: Ethical hacker Elliot Alderson tweeted on Tuesday that the privacy of 90 million Indians was at stake as there is a “security flaw” in India’s contact tracing application, Aarogya Setu. However, a senior government official dismissed his claims. “There is no security gap or data breach. It is a non-issue,” he said.
Alderson had posted from his handle @fs0c131y around 8.40pm, “Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?” About 50 minutes later, he tweeted again, “@IndianCERT and @NICMeity contacted me. Issue has been disclosed to them.”
Alderson had ended his first tweet saying, “PS: @Rahul Gandhiwas right.” He was referring to the Congress leader’s May 2 post where he had described Aarogya Setu as a “sophisticated surveillance system, outsourced to a private operator.” His allegations had been countered by at least two union ministers: Ravi Shankar Prasad and Prakash Javadekar.
Reacting to Alderson, another senior official said that “the app is not a surveillance tool. Rather, it is a tool that can save lives. You are fighting a relentless virus. So don’t get confused or distracted.”
“We are confident there is no security breach. The app has undergone the most stringent security checks. We are always looking at suggestions to further strengthen it. Our team deals with several such suggestions every day. There are regular checks,” the official further said.
He also said that the product team of the Aarogya Setu app will soon put out a tweet making it clear that there is no data breach or security gap in the app.
Alderson had leaked thousands of Aadhaar details online in March 2018 to draw attention to its security flaws to officials. He had tagged the official handle of the UIADAI, providing details of loopholes in the database.
Alderson had posted from his handle @fs0c131y around 8.40pm, “Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private?” About 50 minutes later, he tweeted again, “@IndianCERT and @NICMeity contacted me. Issue has been disclosed to them.”
Alderson had ended his first tweet saying, “PS: @Rahul Gandhiwas right.” He was referring to the Congress leader’s May 2 post where he had described Aarogya Setu as a “sophisticated surveillance system, outsourced to a private operator.” His allegations had been countered by at least two union ministers: Ravi Shankar Prasad and Prakash Javadekar.
Reacting to Alderson, another senior official said that “the app is not a surveillance tool. Rather, it is a tool that can save lives. You are fighting a relentless virus. So don’t get confused or distracted.”
“We are confident there is no security breach. The app has undergone the most stringent security checks. We are always looking at suggestions to further strengthen it. Our team deals with several such suggestions every day. There are regular checks,” the official further said.
He also said that the product team of the Aarogya Setu app will soon put out a tweet making it clear that there is no data breach or security gap in the app.
Alderson had leaked thousands of Aadhaar details online in March 2018 to draw attention to its security flaws to officials. He had tagged the official handle of the UIADAI, providing details of loopholes in the database.
Source link